Privacy Notice and Personal Data Protection Policy
Last updated: 11 July 2026
1. Introduction
This Privacy Notice explains how Mycommax Network Sdn Bhd, Registration No. 201401048480 (1124669-X), operating the Growing Business Simplified (“GBS”) brand, collects, uses, stores, discloses and protects personal data.
In this Privacy Notice, “GBS”, “we”, “our” and “us” refer to Mycommax Network Sdn Bhd and the Growing Business Simplified brand.
We are committed to handling personal data responsibly and in accordance with the Personal Data Protection Act 2010, its amendments, applicable regulations, standards and guidelines in Malaysia.
This Privacy Notice applies to personal data collected through:
- The Growing Business Simplified website
- Website forms and online assessments
- Email, telephone and messaging applications
- Training and programme registrations
- Advisory and consulting engagements
- Corporate workshops and events
- Surveys, feedback forms and enquiries
- Social media pages managed by GBS
- Business meetings and other interactions with us
By providing your personal data to us, using our website, submitting a form, registering for a programme or engaging our services, you acknowledge that you have read and understood this Privacy Notice.
Where consent is required by law, we will request it separately or through the relevant registration form, notice or communication.
2. Who Is Responsible for Your Personal Data?
For the purposes of applicable personal data protection law, the data controller is:
Mycommax Network Sdn Bhd
Registration No. 201401048480 (1124669-X)
Operating as Growing Business Simplified
Kuching, Sarawak, Malaysia
Privacy enquiries may be submitted using the contact details at the end of this Privacy Notice.
3. Personal Data We May Collect
The personal data we collect depends on how you interact with us.
3.1 Identity and contact information
This may include:
- Full name
- Email address
- Telephone or mobile number
- Correspondence address
- Company or organisation name
- Job title, department or position
- Professional or business information
- Social media contact details
- Emergency contact details, where reasonably required
3.2 Training, workshop and event information
This may include:
- Programme registration details
- Attendance records
- Course or workshop selections
- Employer or sponsoring organisation
- Learning requirements
- Questions submitted during programmes
- Assignment or activity submissions
- Assessment results
- Feedback and evaluation responses
- Certificate and completion information
- Communication relating to the programme
- Dietary, accessibility or other special arrangements that you voluntarily provide
Information relating to health, accessibility or dietary requirements will only be collected where reasonably necessary and will be handled with additional care.
3.3 Advisory and business engagement information
This may include:
- Business background
- Organisational information
- Business objectives and challenges
- Project requirements
- Meeting notes
- Strategic, operational or marketing information
- Proposals, agreements and correspondence
- Information relating to employees, customers, agents, partners or stakeholders provided during an engagement
- Project progress, decisions and implementation records
Clients are responsible for ensuring that they are authorised to provide any personal data belonging to their employees, customers, contractors or other individuals.
3.4 Transaction and billing information
This may include:
- Billing name and address
- Invoice information
- Payment status
- Payment confirmation
- Transaction references
- Purchase or programme history
- Records required for accounting, taxation or audit purposes
Where payments are handled through a third-party payment provider, payment card or banking information may be collected directly by that provider. GBS may receive transaction confirmation without receiving or storing complete payment card details.
3.5 Website and technical information
When you visit our website, certain information may be collected automatically, including:
- Internet Protocol address
- Browser type
- Device type
- Operating system
- General location derived from an IP address
- Pages visited
- Date and time of access
- Referring website
- Links selected
- Website interaction information
- Cookie identifiers
- Technical and security logs
This information may be collected through server logs, cookies and similar technologies.
3.6 Information submitted through assessments and tools
Where you use our DISC assessment, leadership assessment, planners, surveys or similar tools, we may collect:
- Answers submitted by you
- Assessment scores or profiles
- Preferences and self-reported information
- Goals or planning information that you choose to enter
- Feedback relating to the tool
Some tools may automatically generate a result based on the answers provided.
Such results are intended for education, reflection or development. They should not be treated as medical, psychological, legal or employment diagnoses, or as the sole basis for decisions that significantly affect an individual.
3.7 Photographs, audio and video
During programmes, workshops or events, we may collect:
- Photographs
- Audio recordings
- Video recordings
- Participant testimonials
Where such material may be used publicly for promotional, educational or reporting purposes, we will provide reasonable notice and obtain consent where required.
Participants may inform the organiser if they do not wish to appear in identifiable promotional photographs or recordings.
3.8 Communications and feedback
We may retain communications that you send to us, including:
- Emails
- Enquiry forms
- Messaging-app conversations
- Meeting correspondence
- Complaints
- Reviews
- Feedback
- Testimonials
- Customer-support enquiries
3.9 Sensitive personal data
GBS does not normally require sensitive personal data.
Please avoid sending medical information, financial account credentials, passwords, confidential identification documents or other sensitive information unless it is genuinely required and we have specifically requested it.
Where sensitive personal data is required, we will process it only for the stated purpose, with appropriate consent or where otherwise permitted by law.
4. How We Obtain Personal Data
We may obtain personal data:
- Directly from you
- Through our website and online forms
- When you register for a programme
- When you contact us by email, telephone or messaging application
- During meetings, workshops or advisory engagements
- Through questionnaires, assessments, surveys and feedback forms
- From your employer or sponsoring organisation
- From an association, organiser or programme partner
- From a representative acting on your behalf
- From publicly available business or professional sources
- From social media platforms when you interact with our pages
- Through website analytics, cookies and technical logs
- From service providers assisting with our programmes or operations
Where another organisation provides your information to us, we may rely on that organisation to confirm that it has the authority to provide the information for the relevant purpose.
5. Purposes for Which We Use Personal Data
We may process personal data for the following purposes.
5.1 Responding to enquiries
This includes:
- Responding to questions
- Arranging meetings
- Understanding your needs
- Preparing proposals or quotations
- Following up on potential engagements
- Providing requested information
5.2 Managing training and programmes
This includes:
- Processing registrations
- Confirming attendance
- Communicating programme information
- Managing participant lists
- Organising venues and logistics
- Providing materials
- Issuing certificates
- Recording attendance and completion
- Responding to participant questions
- Evaluating and improving programmes
- Reporting to employers, sponsors or organisers where appropriate
- Meeting audit, funding or regulatory requirements
5.3 Delivering advisory and professional services
This includes:
- Understanding the client’s circumstances
- Conducting diagnostics
- Developing recommendations
- Facilitating workshops
- Preparing reports and working documents
- Supporting implementation
- Monitoring agreed progress
- Managing project communications
- Maintaining professional records
- Completing agreed deliverables
5.4 Managing our business relationship
This includes:
- Preparing agreements and proposals
- Managing invoices and payments
- Maintaining client and participant records
- Providing service updates
- Managing complaints
- Handling administrative and operational matters
- Maintaining evidence of communications and instructions
5.5 Improving our services
This includes:
- Reviewing feedback
- Analysing programme effectiveness
- Improving website performance
- Developing training content
- Improving assessments and learning tools
- Understanding general customer and market needs
- Conducting internal planning and quality reviews
Where possible, aggregated or de-identified information will be used for analysis and improvement.
5.6 Communications and marketing
With your consent or where otherwise permitted, we may use your contact information to send:
- Programme announcements
- Event invitations
- Educational content
- Service information
- Updates relating to GBS
- Follow-up information relating to programmes you attended
- Relevant business, leadership or AI-related resources
You may unsubscribe or ask us to stop sending promotional communications at any time.
Service-related messages, such as registration confirmations, programme changes, payment matters or project communications, are not promotional messages and may still be sent where necessary.
5.7 Legal, security and compliance purposes
This includes:
- Complying with applicable laws and regulations
- Responding to lawful requests from authorities
- Maintaining accounting and taxation records
- Meeting audit or reporting requirements
- Establishing, exercising or defending legal rights
- Preventing fraud, misuse or security incidents
- Protecting our systems, users, staff and property
- Investigating complaints or suspected misconduct
6. Consequences of Not Providing Personal Data
You may choose not to provide personal data.
However, where the requested information is necessary, we may be unable to:
- Respond fully to your enquiry
- Register you for a programme
- Issue a certificate
- Process a payment
- Provide requested services
- Prepare a proposal or agreement
- Meet reporting or regulatory requirements
- Arrange special requirements
- Continue a business or advisory engagement
Where a field is optional, it will generally be indicated as such or may be left blank.
7. Disclosure of Personal Data
We do not sell or rent personal data.
We may disclose personal data only where reasonably necessary for the purposes described in this Privacy Notice.
Recipients may include:
7.1 Employees and authorised representatives
Personal data may be accessed by employees, directors, trainers, facilitators, project personnel or authorised representatives who require the information to carry out their responsibilities.
7.2 Service providers
We may engage service providers for:
- Website hosting
- Cloud storage
- Email and communications
- Registration forms
- Payment processing
- Accounting
- Document management
- Website analytics
- Cybersecurity
- Event management
- Design and media production
- Video conferencing
- Customer and project administration
These providers may process information only to perform services for us and are expected to protect it appropriately.
7.3 Employers, sponsors and programme organisers
Where your participation is arranged or funded by an employer, association, sponsor, co-organiser or client organisation, we may provide relevant information such as:
- Registration status
- Attendance
- Completion
- Certificate status
- Programme participation
- General evaluation or programme reporting
We will not ordinarily disclose private assessment responses, personal reflections or unrelated personal information unless this has been clearly explained and authorised.
7.4 Trainers, facilitators and programme partners
Relevant participant information may be shared with trainers, facilitators, venues, organisers or programme partners where necessary to conduct a programme safely and effectively.
7.5 Professional advisers
Information may be disclosed to accountants, auditors, legal advisers, insurers or other professional advisers where reasonably necessary.
7.6 Authorities and regulatory bodies
Information may be disclosed to government departments, courts, regulators, law-enforcement authorities or other bodies where:
- Required by law
- Required for reporting or audit purposes
- Necessary to respond to a lawful request
- Necessary to protect legal rights or public safety
This may include HRD Corp or other relevant training, funding or regulatory bodies where applicable.
7.7 Business restructuring
If Mycommax Network Sdn Bhd undergoes a restructuring, merger, acquisition, transfer or sale of part of its business, relevant information may be transferred subject to appropriate confidentiality and legal requirements.
8. Use of AI-Enabled Tools
GBS supports the responsible use of artificial intelligence.
Where AI-enabled tools are used internally to assist with tasks such as organising information, summarising non-sensitive materials, drafting administrative content or analysing general feedback, we will take reasonable steps to:
- Limit the personal data provided
- Remove or reduce identifying details where practical
- Avoid entering passwords, financial credentials or unnecessary sensitive information
- Use appropriate human review
- Verify important outputs
- Apply confidentiality and security considerations
- Use the information only for the intended purpose
We do not intend to use public generative AI systems as unrestricted storage for confidential client or participant information.
We do not make decisions that produce significant legal or similarly serious effects on an individual solely through an AI-generated output.
Where a specific engagement requires the processing of confidential information through a third-party AI system, the relevant arrangements, risks and safeguards should be addressed separately with the client.
9. Automated Assessments and Profiles
Some online assessments may automatically calculate a profile, category or result based on the answers submitted.
These automated results are intended to:
- Support reflection
- Improve self-awareness
- Facilitate discussion
- Assist learning and development
They are not intended to make final decisions concerning:
- Employment
- Promotion
- Recruitment
- Credit
- Insurance
- Medical treatment
- Legal rights
- Psychological diagnosis
Users and organisations should apply appropriate human judgement and consider the broader context before relying on any assessment result.
10. Cookies and Similar Technologies
Our website may use cookies and similar technologies.
Cookies are small files stored on a user’s device that help websites function and provide information about website usage.
Cookies used on the website may include:
10.1 Essential cookies
These support functions such as:
- Website security
- Form submission
- Page navigation
- Session management
- Saving necessary preferences
Essential cookies may be required for the website to operate correctly.
10.2 Preference cookies
These may remember choices such as language, display or other website preferences.
10.3 Analytics cookies
Where enabled, analytics cookies may help us understand:
- The number of website visitors
- Which pages are visited
- How visitors navigate the website
- General device and browser information
- Website errors and performance
We use this information to improve the website and generally do not need to identify individual visitors for this purpose.
10.4 Marketing cookies
Where advertising or remarketing technologies are used, cookies or similar identifiers may help measure campaigns or display relevant content.
Non-essential marketing technologies should only be used where appropriate notice and choice have been provided.
10.5 Managing cookies
You may manage or delete cookies through your browser settings and, where available, the website’s cookie preference controls.
Disabling certain cookies may affect some website functions.
11. Third-Party Websites and Services
Our website may contain links to external websites, social media platforms, payment services, video platforms or other third-party services.
These third parties operate independently and may have their own privacy notices and data-processing practices.
GBS is not responsible for the privacy practices, security or content of third-party services that we do not control.
You should review the relevant privacy notice before providing personal data to a third party.
12. Cross-Border Transfer of Personal Data
Some technology and service providers used by GBS may operate or store data outside Malaysia.
This may include providers of:
- Cloud hosting
- Email
- File storage
- Website services
- Video conferencing
- Analytics
- Communication tools
- Payment services
- AI-enabled systems
Where personal data is transferred or made accessible outside Malaysia, we will take reasonable steps to ensure that the transfer is permitted and that suitable protection is applied.
Depending on the circumstances, safeguards may include:
- Using established and reputable service providers
- Reviewing relevant privacy and security terms
- Limiting the information transferred
- Applying contractual protections
- Using access controls and security measures
- Obtaining consent where required
- Ensuring another legally recognised transfer condition applies
13. Protection and Security of Personal Data
We take reasonable practical steps to protect personal data from:
- Loss
- Misuse
- Unauthorised access
- Unauthorised disclosure
- Alteration
- Accidental destruction
- Malicious activity
Measures may include:
- Password protection
- Access restrictions
- Device and account security
- Encryption where appropriate
- Secure website connections
- Data minimisation
- Confidentiality obligations
- Backup procedures
- Software updates
- Security monitoring
- Limiting access to those who need the information
- Reviewing and deleting data that is no longer needed
No website, email system, cloud platform or electronic transmission can be guaranteed to be completely secure.
Users should also take reasonable precautions and should not send passwords, payment credentials or highly sensitive information through unsecured channels.
14. Personal Data Breaches
A personal data breach may include the loss, unauthorised access, disclosure, alteration or destruction of personal data.
Where we become aware of a suspected breach, we will take reasonable steps to:
- Investigate the incident
- Contain the breach
- Reduce possible harm
- Recover or secure affected information where possible
- Review the cause
- Improve safeguards
- Notify relevant authorities or affected individuals where required by applicable law
15. Retention of Personal Data
We retain personal data only for as long as reasonably necessary for the purposes for which it was collected or as required by law.
The retention period may depend on:
- The nature of the information
- The purpose for which it was collected
- The duration of the client or participant relationship
- Certification and attendance requirements
- Contractual requirements
- Accounting, taxation or audit obligations
- Legal limitation periods
- Complaints or disputes
- Security and fraud-prevention requirements
- Requirements imposed by programme organisers, funders or regulators
When information is no longer reasonably required, we may:
- Securely delete it
- Destroy it
- Anonymise it
- Retain it only where required by law or for the establishment, exercise or defence of legal claims
Backup copies may remain temporarily until they are overwritten through normal system processes.
16. Accuracy of Personal Data
We take reasonable steps to keep personal data accurate, complete and up to date where necessary.
You are responsible for providing accurate information and informing us when important information changes.
You may contact us to request a correction.
17. Your Rights
Subject to applicable law, identity verification and any permitted exceptions, you may have the right to:
17.1 Request access
You may ask whether we hold your personal data and request access to personal data held about you.
17.2 Request correction
You may request that inaccurate, incomplete, misleading or outdated personal data be corrected.
17.3 Withdraw consent
Where processing is based on consent, you may withdraw that consent by giving reasonable written notice.
Withdrawal will not affect processing already carried out lawfully before the withdrawal.
Withdrawal may affect our ability to continue providing certain services.
17.4 Limit certain processing
You may request that we limit or stop certain uses of your personal data, subject to contractual, regulatory and legal requirements.
17.5 Object to direct marketing
You may ask us to stop using your personal data for direct-marketing purposes.
Each promotional email should provide an unsubscribe method. You may also contact us directly.
17.6 Make an enquiry or complaint
You may contact us if you have questions or concerns regarding the way your personal data has been handled.
We may require sufficient information to confirm your identity and locate the relevant records before processing a request.
We will respond within the period required by applicable law or within a reasonable period where no specific period applies.
18. Children and Young Persons
Our website and services are primarily intended for businesses, organisations, working adults and adult learners.
Where a participant is below 18 years old, registration or participation may require the involvement or consent of a parent, guardian, school, employer or responsible organisation, depending on the programme and applicable requirements.
Parents or guardians who believe that a young person has provided personal data without appropriate authorisation may contact us.
19. Photographs, Testimonials and Promotional Content
We may invite participants or clients to provide:
- Testimonials
- Reviews
- Photographs
- Video statements
- Case-study information
We will obtain permission before using an identifiable testimonial or personal endorsement for promotional purposes.
Where event photography is conducted, a general event notice may be provided. Individuals may inform the organiser where they have concerns about being photographed or recorded.
Confidential client information will not be published as a case study without appropriate authorisation or unless it has been sufficiently anonymised.
20. Confidential Business Information
This Privacy Notice primarily concerns personal data.
During advisory or training engagements, GBS may also receive confidential business information that does not identify an individual.
Such information will be handled in accordance with:
- Applicable agreements
- Confidentiality obligations
- Professional responsibilities
- Agreed project terms
Clients should use appropriate secure channels when sharing confidential or commercially sensitive information.
21. Changes to This Privacy Notice
We may update this Privacy Notice when:
- Our services change
- Our data practices change
- New technologies are introduced
- Legal or regulatory requirements change
- New service providers or programme arrangements are introduced
The latest version will be published on our website with the updated revision date.
Material changes may also be communicated through email, registration forms, programme notices or other appropriate channels.
Continued use of the website or services after an update does not replace any consent that may be specifically required by law.
22. Contact and Privacy Requests
Questions, requests or complaints concerning personal data may be directed to:
Privacy Contact
Mycommax Network Sdn Bhd
Operating as Growing Business Simplified
Registration No. 201401048480 (1124669-X)
Kuching, Sarawak, Malaysia
Email: hello@growingbusinesssimplified.com
Telephone: +6011 1050 1712
You may also contact us through the Contact page on the Growing Business Simplified website.
Please include sufficient details for us to understand your enquiry. Do not send passwords, complete banking credentials or unnecessary sensitive documents through ordinary email.
23. Governing Law
This Privacy Notice and the processing of personal data by Mycommax Network Sdn Bhd are governed by the applicable laws of Malaysia.
Nothing in this Privacy Notice limits any rights or obligations that cannot lawfully be limited under the Personal Data Protection Act 2010 or other applicable law.